Secure Apex Code with User Mode Database Operations (Pilot)

You can now declare when Apex runs database operations in user mode or system mode. The new Database methods support an AccessLevel parameter that enables you to run database operations in user mode, instead of in the default system mode.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.

Note

Note

We provide User-Mode Database Operations in Apex feature to selected customers through a pilot program that requires agreement to specific terms and conditions. To be nominated to participate in the program, contact Salesforce. Pilot programs are subject to change, and we can’t guarantee acceptance. This feature isn’t generally available unless or until Salesforce announces its general availability in documentation or in press releases or public statements. We can’t guarantee general availability within any particular time frame or at all. Make your purchase decisions only on the basis of generally available products and features. You can provide feedback and suggestions for the feature in the Trailblazer Community.

Why: By default Apex code executes in system mode and doesn’t respect running user permissions. To enhance the security context of Apex, you can specify user-mode access for database operations by invoking Apex in user mode. The field-level security (FLS), sharing rules, and CRUD permissions of the running user are respected in user mode, unlike in system mode.

How: If you're interested in participating in the pilot program, ask your Salesforce Account Executive.

A new class object represents the two modes that Apex runs database operations. Use this new class to define the execution mode as user mode or system mode. These new methods support passing the class object:
  • Database.query methods
  • Search.query methods
  • Database DML methods (insert, update, upsert, merge, delete, undelete, convertLead)